Everything seems to be working
This commit is contained in:
parent
8453583818
commit
7eeb0b423b
2
.gitignore
vendored
@ -1 +1 @@
*.conf
conf/*.txt
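Review bot: replacing `*.conf` with `conf/*.txt` stops ignoring the OpenVPN client configuration, and the Dockerfile in this same commit says that config must carry embedded certificates (and therefore keys), so a `git add .` in `conf/` would now commit credentials; `sockd.conf`, which docker-compose.yml mounts, is likewise no longer ignored. Suggest keeping `*.conf` and adding `conf/*` (or at least `*.ovpn`, `*.key`, `*.crt`, `*.pem`) rather than narrowing the rule to `.txt` files.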
24
Dockerfile
Normal file
@ -0,0 +1,24 @@
# OpenVPN client + SOCKS proxy
# Usage:
# Create configuration (.ovpn), mount it in a volume
# docker run --volume=something.ovpn:/ovpn.conf:ro --device=/dev/net/tun --cap-add=NET_ADMIN
# Connect to (container):1080
# Note that the config must have embedded certs
# See `start` in same repo for more ideas
FROM alpine
COPY sockd.sh /usr/local/bin/
RUN true \
&& echo "http://dl-4.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& apk add --update-cache dante-server openvpn bash openresolv openrc \
&& rm -rf /var/cache/apk/* \
&& chmod a+x /usr/local/bin/sockd.sh \
&& true
ENTRYPOINT [ \
"/bin/bash", "-c", \
"cd /etc/openvpn && /usr/sbin/openvpn --config *.conf --script-security 2 --up /usr/local/bin/sockd.sh" \
]
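Review bot: the usage comment at the top of the file (`--volume=something.ovpn:/ovpn.conf:ro`) does not match the ENTRYPOINT, which runs `cd /etc/openvpn && ... --config *.conf`, so a file mounted at `/ovpn.conf` (or any file ending in `.ovpn`) is never picked up; the README's `/your/openvpn/directory/:/etc/openvpn/:ro` mount with a single `.conf` file is what actually works, and the comment should say so. Two supply-chain points in the same hunk: `FROM alpine` is unpinned and `http://dl-4.alpinelinux.org/alpine/edge/testing` is an unstable repository fetched over plain http, so builds are not reproducible and the package set can change underneath you; pin a release tag (e.g. `alpine:<release>` as a placeholder for whichever release carries dante-server) and use https, or drop the testing repository if the packages are available in the pinned release. Also `--script-security 2` is needed for the `--up` hook but equally lets any `up.sh` found in the mounted config directory run as root inside the container; that is a property of the design worth a comment next to the ENTRYPOINT.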
45
LICENSE
Normal file
@ -0,0 +1,45 @@
The MIT License (MIT)
Copyright (c) 2016 Chris Yuen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
===
The MIT License (MIT)
Copyright (c) 2016 Mook
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
47
README.md
Normal file
@ -0,0 +1,47 @@
# OpenVPN-client
This is a docker image of an OpenVPN client tied to a SOCKS proxy server. It is
useful to isolate network changes (so the host is not affected by the modified
routing).
This supports directory style (where the certificates are not bundled together in one `.ovpn` file) and those that contains `update-resolv-conf`
(For the same thing in WireGuard, see [kizzx2/docker-wireguard-socks-proxy](https://github.com/kizzx2/docker-wireguard-socks-proxy))
## Why?
This is arguably the easiest way to achieve "app based" routing. For example, you may only want certain applications to go through your WireGuard tunnel while the rest of your system should go through the default gateway. You can also achieve "domain name based" routing by using a [PAC file](https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_(PAC)_file) that most browsers support.
## Configuration
In the sockd.sh file you will find the ip command setting routes to some subnet via a hosts ip address. This is seemingly the only way the routing tables inside the container can reach the given subnets.
## Usage
Preferably, using `start` in this repository:
```bash
start /your/openvpn/directory
```
`/your/openvpn/directory` should contain *one* OpenVPN `.conf` file. It can reference other certificate files or key files in the same directory.
Alternatively, using `docker run` directly:
```bash
docker run -it --rm --device=/dev/net/tun --cap-add=NET_ADMIN \
--name openvpn-client \
--volume /your/openvpn/directory/:/etc/openvpn/:ro -p 1080:1080 \
kizzx2/openvpn-client-socks
```
Then connect to SOCKS proxy through through `localhost:1080` / `local.docker:1080`. For example:
```bash
curl --proxy socks5h://local.docker:1080 ipinfo.io
```
## HTTP Proxy
You can easily convert this to an HTTP proxy using [http-proxy-to-socks](https://github.com/oyyd/http-proxy-to-socks), e.g.
hpts -s 127.0.0.1:1080 -p 8080
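Review bot: the `docker run` example publishes the proxy with `-p 1080:1080`, which binds every host interface, while `start` in this same commit uses `--publish 127.0.0.1:1080:1080`; nothing in the README mentions SOCKS authentication, so with the example as written the proxy, and egress through the VPN, is reachable from any host that can reach the Docker host. The example should bind `127.0.0.1:1080:1080` like `start` does, or the README should explain how `sockd.conf` restricts clients. Smaller points in the same hunk: the `## Why?` paragraph talks about a "WireGuard tunnel" in an OpenVPN README (apparently carried over from the linked sister project), "through through" is duplicated in the connect sentence, "those that contains" should be "those that contain", and the `## Configuration` section refers to routes in `sockd.sh` via "a hosts ip address" without saying which address that is or that it must be edited for each deployment.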
19
docker-compose.yml
Executable file
@ -0,0 +1,19 @@
version: "2.3"
services:
openvpn_socks:
build: ./
container_name: "openvpn_us"
ports:
- "192.168.5.27:1081:1080"
cap_add:
- NET_ADMIN
devices:
- "/dev/net/tun"
#restart: always
volumes:
- "./conf:/etc/openvpn:ro"
- "./sockd.conf:/etc/sockd.conf"
- "./resolv.conf:/etc/resolv.conf"
- "./sockd.sh:/usr/local/bin/sockd.sh"
#sysctls:
# - "net.ipv6.conf.all.disable_ipv6=0"
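Review bot: `- "192.168.5.27:1081:1080"` publishes the SOCKS port on a LAN address, so every host on that network can use the proxy and send traffic out through the VPN; whether dante limits who may connect depends on `./sockd.conf`, which this file mounts but the commit does not include, so the access control cannot be reviewed here. Suggest either binding to `127.0.0.1` as `start` does, or committing a `sockd.conf` example whose `client pass` rules are limited to the intended source range. The site-specific address, together with `./resolv.conf` being mounted over `/etc/resolv.conf`, also makes this compose file a local deployment artifact rather than a reusable template; move the address into a variable (for example via an `.env` file) and document that both files must be adjusted.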
10
sockd.sh
Executable file
@ -0,0 +1,10 @@
#!/bin/bash
ip route add 192.168.5.27/32 dev eth0
ip route add 192.168.0.0/16 via 192.168.5.27 dev eth0
set -e
[ -f /etc/openvpn/up.sh ] && /etc/openvpn/up.sh "$@"
if [ -z "`ps | grep ' sockd ' | grep -v grep`" ]; then
/usr/sbin/sockd -D;
else
echo SOCKD already running!;
fi
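Review bot: `set -e` comes after the two `ip route add` lines, so a failure to install either route (for instance when the container's `eth0` is not on the expected network) is silently ignored and `sockd` still starts with traffic routed differently from what was intended; move `set -e` to the line after the shebang. The routes themselves, `192.168.5.27/32 dev eth0` and `192.168.0.0/16 via 192.168.5.27`, are hardcoded to one deployment and send the entire 192.168.0.0/16 range via the Docker host instead of the tunnel; that is a deliberate split-tunnel exception for reaching the LAN, so it should come from environment variables and be called out in the README rather than baked into the script. Also `ps | grep ' sockd ' | grep -v grep` is fragile; `pgrep -x sockd` does the same job without the self-match filtering, and a comment that the `--up` hook runs again on every reconnect would explain why the guard is there at all.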
13
start
Executable file
@ -0,0 +1,13 @@
#!/bin/sh
exec docker run \
--rm \
--tty \
--interactive \
--device=/dev/net/tun \
--name=openvpn-client \
--cap-add=NET_ADMIN \
--publish 127.0.0.1:1080:1080 \
--volume "$(realpath "$1"):/etc/openvpn/:ro" \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
kizzx2/openvpn-client-socks
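Review bot: `$1` is used without a check, so running `start` with no argument makes `realpath ""` fail and the error comes back from `docker run` rather than from the script; add `[ -n "$1" ] || { echo "usage: start /path/to/openvpn/dir" >&2; exit 1; }` before the `exec`. `--sysctl net.ipv6.conf.all.disable_ipv6=0` enables IPv6 inside the container; if the Docker network provides IPv6 connectivity and the OpenVPN config does not also route IPv6, connections to IPv6 destinations made through the proxy leave via the container's own IPv6 path instead of the tunnel (the same setting is commented out in docker-compose.yml), so either explain why it is required or leave it off by default. Publishing on `127.0.0.1:1080:1080` is the right choice here and the README's `docker run` example should match it.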